Procmail Recipe to Filter Addresses in the From Field – April 12, 2011

I've noticed a common spam method lately. I'm not quite sure what the idea is, since it is so obviously spam and so trivially filterable that it doesn't seem like it will last very long, but a couple have ended up in my inbox, and since I really don't like emails in my inbox, I decided I would write a filter to keep this type out.

:0:
* ^From:[^@]+@[^@]+@
spam/mail

Pretty simple - just look for multiple @ signs in the From address - I can't think of a reason why someone would do that on purpose.  Though maybe some people have "joe@example.com" <joe@example.com> as their from address - I'll have to see if it results in any false positives.



I got one legitimate email today that failed the above formula, so I changed it to:

* ^From:[^@]+@alumni[^@]+@alumni

since all of this sort of spam so far has used my college alumni domain.

Hopefully, the SpamAssassin guys can make a rule that works more generally. Maybe simply looking for three @ characters would work; otherwise, you have to parse the address more fully - ignoring stuff within the quote signs.

Posted by Jon Daley on April 13, 2011, 2:40 pm
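
The comment above suggests parsing the address more fully and ignoring text inside quotes. The following is an added example of that check in Python, not code from the original post: it drops quoted display names and parenthesized comments, then looks for more than one @ within a single mailbox. The function names and the sample addresses are constructed for illustration.

```python
import sys
from email import message_from_file


def visible_part(value):
    """Return a From value with "quoted strings" and (comments) removed."""
    out, in_quote, depth, i = [], False, 0, 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and (in_quote or depth):
            i += 2                      # a backslash escapes the next character
            continue
        if in_quote:
            in_quote = ch != '"'        # stay quoted until the closing quote
        elif depth:
            depth += (ch == "(") - (ch == ")")   # comments may nest
        elif ch == '"':
            in_quote = True
        elif ch == "(":
            depth = 1
        else:
            out.append(ch)
        i += 1
    return "".join(out)


def from_is_suspicious(value):
    """True if any single mailbox has more than one @ outside quotes/comments."""
    # A From header may list several mailboxes separated by commas,
    # so each one is counted on its own.
    return any(m.count("@") > 1 for m in visible_part(value).split(","))


# Constructed sample headers (not taken from real mail) and the expected verdict.
SAMPLES = {
    '"joe@example.com" <joe@example.com>': False,   # quoted display name
    "joe (home@work) <joe@example.com>": False,     # @ inside a comment
    "a@example.com, b@example.org": False,          # two ordinary mailboxes
    "x@alumni.example.edu@alumni.example.edu": True,
    "someone@alumni.example.edu <x@alumni.example.edu>": True,
}

if __name__ == "__main__":
    # Reads a message (or just its headers) on stdin.
    # Exit status 0 means "suspicious", so it can serve as a match condition.
    msg = message_from_file(sys.stdin)
    froms = msg.get_all("From") or []
    sys.exit(0 if any(from_is_suspicious(str(f)) for f in froms) else 1)
```

Saved as an executable script, this can replace the regular expression with a procmail program condition of the form "* ? /path/to/script", which matches when the program exits with status 0.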